I have a list of networking kit to never buy. People ask me why and I just tell them to google the vendor name and hit news, it's not hard to find stuff like this. Heard on Risky Biz that the guy that found this wanted a little vacation from regular work and looking for an easy target turned to Dlink to find this. Seems I'm not the only one with such a low opinion of them.
https://www.reddit.com/r/netsec/comment ... ncryption/
https://0x00sec.org/t/breaking-the-d-li ... rt-1/21943
Another Dlink problem
Re: Another Dlink problem
Netgear had a wad of CVEs last month.
Frankly I just shake my head when I see this SOHO gear on a system. Don't use that trash at home, sure wouldn't on a site.
Frankly I just shake my head when I see this SOHO gear on a system. Don't use that trash at home, sure wouldn't on a site.
Re: Another Dlink problem
I guess this is an area where the free market took advantage of everyone? This kit is all pretty cheap and sells everywhere. By the way I never posted the list.
Belkin
Linksys
Dlink
TrendNET
Asus
TP link
Archer
Cisco - So many hard coded passwords, switches default LAN broadcasts off (WTF), no firmware downloads if no support $$.
So many good and free DIY router solutions, couple even fix the above. https://teklager.se/en/best-free-linux- ... ware-2019/
Belkin
Linksys
Dlink
TrendNET
Asus
TP link
Archer
Cisco - So many hard coded passwords, switches default LAN broadcasts off (WTF), no firmware downloads if no support $$.
So many good and free DIY router solutions, couple even fix the above. https://teklager.se/en/best-free-linux- ... ware-2019/
Re: Another Dlink problem
More news
https://view.email.sans.org/?qs=5afb8bf ... 6995dcb3ef
That PDF is worth a scroll through.
Adding Zyxel to my list, never seen one though.
https://view.email.sans.org/?qs=5afb8bf ... 6995dcb3ef
https://www.fkie.fraunhofer.de/content/ ... ericht.pdfHome Router Study Finds “Alarming” Security Issues
(July 6, 2020)
A study of 127 home routers from seven manufacturers found numerous security issues. The Fraunhofer Institute for Communication (FKIE) in Germany looked at each router’s most current firmware, focusing on five security aspects: when the firmware was last updated; which operating systems are used and how many known flaws they have; what exploit mitigation techniques the vendors use; whether the firmware images contain private cryptographic key material; and whether there are any hard-coded login credentials. Among the report’s findings: 46 of the routers had not had a security update in the past year; some vendors ship firmware updates that contain known vulnerabilities, and just one of the seven vendors did not publish private cryptographic keys in its firmware.
Read more in:
- www.fkie.fraunhofer.de: Home Router Security Report 2020 (PDF)
- www.zdnet.com: Home router warning: They're riddled with known flaws and run ancient, unpatched Linux
That PDF is worth a scroll through.
Adding Zyxel to my list, never seen one though.